Setting the Record Straight on REAL ID (Part III) – Too Much Spaghetti

Critics of REAL ID often misrepresent what it is and what it is not. Probably the most egregious myth is the claim that the law creates a national ID that Americans will be required to carry.

Wrong. REAL ID is simple. The regulation requires that states meet minimum security standards when they issue driver’s licenses and identification cards necessary for “official purposes,” like getting on a plane or entering federal buildings. That’s it. The federal government’s role is to make sure that states meet minimum standards of security, so that banks and airports in one state can count on the quality of licenses issued in another.

States will still control their licenses and the personal information they collect. And, they will have plenty of flexibility in setting the license’s design, physical security features, and issuance procedures. These minimum standards will make it harder for terrorists to take advantage of the weak security of a particular state, the way Timothy McVeigh did when he used a fake South Dakota license to rent a Ryder truck in Oklahoma to bomb the Murrah Federal Building.

Don’t want a REAL ID? Don’t get one. If you don’t need a driver’s license or similar ID today, nothing in the REAL ID Act requires you to get one. In fact, the federal government does not have the authority to regulate how or whether a bank, grocery store, retailer, or school requires REAL ID. States and private companies make those determinations. So, given that states will have control over the production and issuance processes, the design and features of the card, and the data stored, how can anyone argue that REAL ID is a national ID? In short, they can’t, but that does not stop them from trying.

REAL ID is one of the last 9/11 Commission recommendations that still remains to be implemented. All but one of the nineteen 9/11 hijackers carried some form of government-issued ID, mostly state driver’s licenses, many of which were obtained fraudulently. In the planning stages for the attacks, these documents were used to rent vehicles, evade law enforcement, enroll in flight school, and board airplanes on that fateful day.

The 9/11 Commission was dismayed, like the rest of us, by how easy it was for the hijackers to beat the system. That’s why the Commission recommended that “(s)ecure identification should begin in the Untied States. The Federal Government should set standards for the issuance of birth certifications and sources of identification, such as driver’s licenses.”

Critics of REAL ID have been busy throwing a lot of spaghetti on the walls. They’ll tell you it’s a national ID, it invades privacy, or that it’s too expensive. Spaghetti throwing is almost a pastime in the beltway. It is also an indication that one lacks valid arguments. So, absent that validity, they’ll throw out a bunch of poor arguments and see which ones stick.

But, REAL ID is too important for these sorts of myths or games. I have commented on some of them in earlier blogs, and I’m still waiting for a convincing argument in favor of insecure identification. If you have one, I’d sure like to see it.

For more information on REAL ID, visit: www.dhs.gov/realid.

Stewart A. Baker
Assistant Secretary for Policy

Setting the Record Straight on REAL ID -- Part II Privacy

Is REAL ID a threat to privacy? There are critics who will say so. But, these same critics can’t and won’t tell you precisely how REAL ID threatens privacy. There’s a reason for that. They have no evidence. The facts are that REAL ID will actually increase privacy protections for Americans, and in several concrete ways.

Under REAL ID, state Departments of Motor Vehicles (DMVs)--not the federal government--will continue to control driver’s license data. And, thanks to REAL ID, that data will get additional protection from disclosure. State DMVs will meet tough new security standards for that data.

State security plans must address, among other things:

• the physical security of the facilities and materials used to produce licenses,
• the design and security features on the cards, and
• the security of how the public’s personal information is managed.

In addition to the "Driver’s Privacy Protection Act," which will continue to bar states and their employees from selling or releasing personal information, the DHS Privacy Office has established a set of best practices for the protection of this information. These best practices provide guidance to the states and raise the bar for state DMVs beyond what was previously required by federal or state law.

Another myth we sometimes hear – "But, won’t REAL ID create new links between DMVs, who will now be checking to make sure that drivers don’t hold licenses from several states? Doesn’t that create a risk of hacking, and identity theft?" Here again, the argument does not hold any water. Law enforcement officials from every state can already log into DMV databases check the validity of a license when they perform a traffic stop. And, for the past 16 years DMV officials have run checks for commercial licenses to keep truck drivers from holding multiple licenses. To date, there’s not been a single reported privacy violation.

If you've ever been the victim of identity theft, there's a one-in-three chance that the thief used a fake driver's license to commit the crime. It’s very simple. Making licenses harder to forge will make this crime harder to perpetrate.

For example, REAL ID requires all states to verify birth certificates by going to the source – the states where the certificates were issued. It calls for electronic confirmation of the data on the certificates, making it much more difficult for an identity thief to create a fictitious identity using a forged birth certificate.

There will always be folks who yearn for a simpler day – before Google, before the Social Security Number, and before telephone books. No doubt all of these innovations have had an effect on privacy. But, they’ve also made modern life far more convenient.

There will also always be folks who yearn for a world where ID isn’t necessary. But, we don’t live in such a world. And, pretending we can live without ID will simply make the lives of the criminals, or even terrorists, easier.

A Public Opinion Strategies poll taken last year shows that 82 percent of the American public favors secure identification to prevent terrorism and identity theft. Most all Americans currently reside in states that are well on their way to secure licenses. There’s still time for the remaining three states to get on board, and provide their citizens with a powerful protection against identity theft.

Thanks for reading. I’ll check in with other thoughts on the topic soon.

Stewart A. Baker
Assistant Secretary for Policy

REAL ID – Plain and Simple

The driver’s license is the most commonly used identity document in the United States. Originally designed to verify that you’re allowed to drive, it is now the primary identification for almost everyone over the age of 16 in the United States. It’s used to enter federal buildings, board airplanes, prove your age, and it’s even used in some states as a debit card.

Like it or not, Americans rely on driver’s licenses for every day life. That’s why the security of state licensing systems is so important. And, licensing systems are only as secure as the weakest link.

Unfortunately, we learned this the hard way. Twice.

First, in 1995, when Timothy McVeigh was able to create a fake South Dakota license with ease; all it took was a manual typewriter and a kitchen iron. He used the license to rent a Ryder truck in Oklahoma and destroy the Murrah Federal Building. Then, on September 11, 2001, eighteen of the nineteen hijackers carried government-issued IDs – mostly state driver’s licenses, many obtained fraudulently.

The 9/11 Commission recognized that it’s too easy to get false identification in the U.S. That’s why the Commission determined that “(s)ecure identification should begin in the United States. The federal government should set standards for the issuance of birth certificates and sources of identification, such as driver’s licenses.” Congress responded with the REAL ID Act of 2005, which requires the federal government to set standards for the identifications it accepts.

At its core, the regulation requires that, in order for a state’s ID to be used to gain access to federal facilities, airplanes and the like, the state must implement strong security standards in three areas.

1. First, the state must apply better standards when verifying the identification of those applying for driver’s licenses.


2. Second, states must increase the physical security features on the driver’s license card by making it harder to alter or forge (e.g., optical variable devices, ultraviolet features, micro-printing, fine line duplex patterns, and other features that cannot be reproduced using commercially available products).


3. Finally, it calls for the security of the production facilities and materials used in the production of licenses, as well as the security of the DMV databases.

In recent weeks, we've heard myth upon myth and anecdote after anecdote to counter the mounting momentum in favor of REAL ID. Fifty-one jurisdictions, to include forty-six states accounting for 97 percent of the licenses issued in the United States, are already on the road to driver's license security. That’s because Americans want identity protection, and it’s because they recognize that knowing who a person is matters. We still live in a world where airplanes and passengers are a target of choice.

That’s where REAL ID comes in. Plain and simple.

As I write, four states have yet to commit to secure licenses for their citizens. The good news for these state leaders is that there’s still time to get on board. I’ll have more to say about this in the coming days. In the meantime, thanks for reading and I look forward to your comments.

Stewart A. Baker
Assistant Secretary for Policy

Let's get Real

A key feature of modern society is the widespread presence of tangible proofs of identity, such as driver’s licenses and other government-issued IDs.

Our need for these documents is clear. Modern life consists of countless interactions among strangers and to guard against the dishonest or dangerous ones, it helps to have concrete evidence of who we all are.

But just as we need these documents to verify people’s identity, so must we verify the documents themselves. From potential terrorists trying to gain access to critical infrastructure, to illegal immigrants aiming to get jobs and stay in this country, to con men wanting to steal our identity, there are plenty of individuals who are obtaining these documents illegally or creating bogus ones.

Given this threat, the case for more secure forms of identification is compelling indeed. The 9/11 Commission recommended it; Congress has mandated it; the American people overwhelmingly support it; and now, my department has taken a big step forward toward achieving it.

In accordance with the REAL ID Act of 2005, yesterday we unveiled a set of uniform standards to help our states advance this national imperative.

Under these new standards, driver’s license applicants must furnish documentary proof of who they are and that they’re here legally. States must verify that the documents are legitimate, issue REAL ID licenses that are tougher to tamper with or counterfeit, and work together to prevent people from receiving licenses from multiple states. Department of Motor Vehicles offices must protect their operations and databases from identity theft and other nefarious activities.

Many states are already taking steps to secure identification and we will grant extensions for REAL ID implementation to those who need them and are making genuine progress.

To help defray the states’ implementation costs, we’re making $360 million available -- $80 million in dedicated REAL ID grants and $280 million in general homeland security funding. We’ve cut these costs by almost three-quarters by extending the enrollment deadline three years -- to December 2017 -- for Americans who will be 50 years of age or older as of December 2014.

As a result, the average cost increase for issuing a REAL ID license will be just $8 per person, or just $2 a year. For most Americans, that’s a price worth paying to secure our identity documents. But for a vocal minority, led by the ACLU and like-minded groups, it is not. Rather than an urgent necessity, they depict secure identification as an egregious violation of privacy.

Their position defies both logic and consistency. Have ACLU officials ever objected publicly to the presence of driver’s licenses and other ubiquitous forms of identification? Of course they haven’t. How then can they protest against every effort to secure these documents from fraud and falsification? Do they support insecure identification?

Privacy is indeed at stake here, but it’s the ACLU and their allies who pose the greatest threat to it. Without REAL ID, Americans will remain vulnerable to one of the most egregious privacy violations of all – identity theft.

Under our plan, the new licenses that States issue in 2011 will have to comply with REAL ID security standards.

Michael Chertoff

Real Progress on Real ID

All but one of the nineteen 9/11 hijackers carried government-issued IDs – mostly state driver’s licenses. The hijackers found it easy to obtain these documents, often by taking advantage of an underground network that services illegal workers.

The 9/11 Commission was as dismayed as the rest of us by how easy it was for the hijackers to beat the system, and it recommended an overhaul of the way states issue such documents. Congress responded with the REAL ID Act, which sets minimum standards for states to issue IDs.

Unfortunately, while many states have begun to secure their driver’s licenses, others have been slow to do so, claiming that security improvements are too costly. In any event, we do not think that the cost of secure identification is too high, especially compared to the cost of keeping the current system, which helped not just the 9/11 hijackers but millions of illegal workers who use fake documents to get jobs in the U.S. and identity thieves who take advantage of easily forged ID to invade the privacy and ruin the credit of tens of thousands of Americans each year.

At the same time, we recognize that the states do need time and help to build a more secure system for issuing driver’s licenses. DHS has found two ways to provide relief to the states while sticking to the 9/11 Commission’s recommendation.

First, after listening hard to the states’ concerns, we have recognized that the federal standards for secure licenses will need to give the states more time and flexibility. We hope that the new regulations, to be released in the next several weeks, will cut costs substantially. Based on the new flexibility, states as far apart as Arizona and New York have recently signed formal agreements to implement REAL ID, and we expect others to join once the regulations are published.

Second, today the department is issuing grant guidance to provide direct assistance to the states in meeting the new requirements. One of the new security features in the REAL ID act is a requirement that states double-check the documents that allow people to get licenses. There’s no point in having hard-to-forge licenses if they can be obtained by an easily forged and unchecked birth certificate.

The best way to stop such forgery is through an electronic network that allows one state to double-check birth certificates or licenses issued in other states. By allowing states to query each other’s records, we can avoid creating a consolidated database while ensuring that the data is kept up-to-date. (Such a system is already in effect to make sure that unsafe truckers don’t get commercial licenses from a dozen different states to beat the “points” system.) The federal government is taking the lead in getting such an electronic network off the ground. Today we are issuing grant guidelines that will give states access to $31 million dollars that could be used for that purpose. Once it’s built, all states will be able to hook up to the system, so all will benefit. An additional $4 million will help states electronically check birth certificates.

This is a good day for our nation’s security. It has been a long time coming, but REAL ID is finally building a head of steam. In the past few weeks, we have reached agreement with New York and Arizona on implementing the law and issued a blueprint for building an antifraud network. In the coming weeks we will provide detailed and flexible standards for improving the security of driver’s licenses across the board. And one of the last unimplemented recommendations of the 9/11 Commission will be on its way to completion.

Stewart A. Baker
Assistant Secretary for Policy